Thursday (May 6th) marks the annual World Password Day – an awareness event designed to promote better password habits. This year, with so many of us working from home and cybersecurity stretched to the limit, safe and secure passwords are more important than ever before. With that in mind, we spoke to several experts to find out how consumers and businesses alike can ensure that their passwords stand up in today’s climate. Here’s what they had to say:
Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance:
“World Password Day represents a reminder that PINs and passwords are an archaic tool, no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies.
“Indeed, new UK research from Nuance has found that over one in five (22%) consumers have admitted to relying on the same two or three different passwords or similar variations of them. A similar number (20%) say they receive notifications their passwords have been compromised on at least a monthly basis. This could leave those individuals at an increased risk of fraud, and it is the enterprises that must take responsibility to address this by strengthening their customers’ security with more modern solutions.
“Given the same poll has found that on average victims of fraud lost over £3,200 each in the last 12 months – three times higher than two years ago – it is high time PINs and passwords are confined to the history books, so that technology – such as biometrics – can be more widely deployed in order to robustly safeguard customers. Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users.”
Raj Samani, Chief Scientist and McAfee Fellow:
“When it comes to online safety, password hygiene has never been more relevant. Over the past year alone, we’ve seen a massive surge in online activity, with the pandemic leaving many Brits reliant on conducting daily activities such as shopping and banking online.
“Passwords are of course a key part of our digital lives, enabling people to gain quick access to a variety of online platforms, accounts and devices. However, it can be easy to take them for granted and forget the basics of password hygiene during our busy lives, particularly now as we have so many accounts to keep on top of in order to get on with our day-to-day activities.
“Passwords which include personal information, such as your name, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online, making it easier for online criminals to make guesses about your password. You should also never share a password, even with a close relative. While this may seem harmless, sharing these details could result in critical personal information falling into the wrong hands. In fact, McAfee recommends changing your passwords about every three months at a minimum. This is so that if a password has been shared or compromised, the safety of your online information has a higher chance of being kept safe by making this change.
“World Password Day is an excellent time to highlight the importance of password safety to consumers. But it is just as important to ensure password hygiene remains top of mind at all times and not just for one day.”
Krupa Srivatsan, Director of Product Marketing at Infoblox:
“The average person manages anywhere between 60 and 90 password-protected accounts–a number that goes up for IT professionals. In an ideal world, each password would be a unique set of randomly generated characters and numbers. But that doesn’t really happen.
“Weak passwords represent a cybersecurity threat for organizations already struggling with security compliance during remote work and the blurring of personal and professional spaces. In fact, more than 80% of data breaches involved brute force or stolen credentials.
“Organisations need to take a few extra steps to ensure that they don’t compromise on security while their employees are working at home. Improved last-mile endpoint security solutions paired with password best practices can help improve network security.
“For example, organisations can leverage the benefits of a DNS-first approach for a wide variety of detection and protection purposes, both on and off-premises. Because it sits at the core of the network and touches every device that connects to it, DNS is a powerful tool that can be used to catch the more than 90% of malware that uses it to enter or exit a network.”
John Smith, Solutions Architect at Veracode:
“As businesses continue to operate remotely, and companies deploy their infrastructure into online environments, it’s clear that password hygiene should be a big focus. Hackers have the ability to crack a 7-character password in 0.29 milliseconds, which is why it’s time to focus on application authentication. A simple static password will not suffice, and companies should avoid using predictable passwords to avoid damaging password spraying attacks. Passwords should always be unique, not recycled, and stored in a secure password safe.
“Although businesses are conscious of the role that software security plays in keeping data protected, banks and other industries need to take more ownership of application authentication to help detect fraudulent account access. This World Password Day, I urge businesses to empower developers by training them on best practices in secure coding and providing the right tools to prevent users being more exposed to data breaches from hackers who will continue to look past passwords for weak points in the application layer.”
“As digital-first approaches and distributed workforces become the status quo for many industries, raising awareness around the importance of password security has arguably never been more important. And with recent NCSC research finding that people are using passwords which are an easy target for hackers, it’s clear more needs to be done by businesses to provide the technology and training to ensure better cyber-resiliency across the board.
“It is imperative that we secure systems and infrastructure to ensure that the right people have the right access to the right assets at the right time. No more, no less. Importantly, we now live in an era where we do not need passwords alone – or sometimes at all – to enable trusted access. Multi-factor authentication is a useful tool, using more personal attributes, such as biometric data in someone’s voice, or devices, such as a code sent to an individual’s watch, to replace or augment passwords.
“Yet despite these advances, there is no doubt that, for now, passwords aren’t going anywhere anytime soon. What’s more, boosting password security – and cyber-resiliency more widely – cannot be achieved by technology alone. Businesses must ensure they are educating their employees on best practice cybersecurity hygiene, beginning with how to create strong passwords and the importance of using different ones for different applications and services. Not only that, they must make sure workforces understand the various tactics used by hackers to target unsuspecting users, from phishing to fake websites. Crucially, increasing awareness among staff on how they could potentially be putting their organisation’s data at risk is key, especially as workforces continue to access systems remotely during and after the pandemic.”